A CSRF attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim. The malicious code is often not on the attacked site. This is why it is called “Cross Site”.
Continue reading “Tech Terminology Demystified – Cross Site Request Forgery”
Cloud computing is getting tons of press these days. Big names such as IBM , Amazon are already in the market with service offerings.So what exactly is cloud computing and how does it work.
A new study released by the Ponemon Institute reveals that there is a general lack of awareness and enforcement of computer security policies at many companies. The rate of non-compliant employee behavior appears to be getting worse over time. Continue reading “Employee IT Security behavior turns worse”
Free converter to open, edit and save Microsoft Office Excel, Word and PowerPoint 2007 files from within earlier versions of Microsoft Office.
Size : 27.5 MB
Download link:
Microsoft’s “IT Infrastructure Threat Modeling Guide” offers security advice.
Microsoft offers up security advice on how to fend off attacks against corporate IT resources by looking at ways that attackers can undermine an organization in its “IT Infrastructure Threat Modeling Guide”.
Remote access software has many useful areas of application like internal IT support, vendor support for software / hardware, accessing office computer from home pc, webinars, etc. However, remote access usage comes with a plethora of security concerns. In this article, I am enlisting some of the basic security measures to be taken by users of remote access software to protect their information assets. Continue reading “10 Steps To Secure Remote Access Software”
SQL injection is an attack on a web server which targets the database the web application is talking to. The aim of the attack is to trick the database server to run queries constructed by the attacker. These attacks can even effect database update or delete transactions.
Continue reading “Tech Terminology Demystified – SQL Injection”
A wrap up of some recent interesting information security news
Indian Websites defaced
As per the official information released by CERT-In (the Computer Emergency Response Team operating under the Department of Information Technology, Govt of India), in Feb 2009 47 Indian websites were hacked, while in March 2009 46 Indian websites were hacked.
This figure has jumped to an alarming 852 Indian websites in April 2009.
Refer the report at
www.cert-in.org.in/knowledgebase/SecurityBulletin/cisb-Apr09.htm
Continue reading “Did you know that 852 Indian Websites were defaced in April 2009?”
A HTTP proxy can help you analyse the data that is sent back and forth between your browser and the websites you visit. It sits between your browser and the website you are visiting and it will hand you all the information that the browser is sending to the website. You have the option to even change the data that is being sent.
On the basis of data coverage, backups are of 3 types viz., full backup, differential backup and incremental backup. The following table gives a brief description of each backup type and also compares the backups in terms of backing up speed, restoration speed and storage space required.
Continue reading “Backup Types and Backup Rotation Strategy”
